By Reena Raichura, Founder of Finergise, Senior Fintech and Capital Markets Executive, FTSE 250 NED.
As a strategic advisor, NED and capital markets SME, as well as keeping on top of all the cool technology and innovation that’s out there, I like to keep updated with the latest regulatory and compliance changes, so I was delighted to attend the RegTech Insight, from A-Team Group event a few weeks back. As is usual with the A-Team Group, I was blown away by the quality of the content and speakers. It was an insightful day, and I wanted to share some of the key takeaways for 2024 and going into 2025:
EMIR Refit – Best Practices for Trade Reporting- Focus needs to be on data accuracy not just getting 100% of the reports out
- It’s important to understand the source data of what you are submitting
- If you are using a vendor solution, look for vendors that can aggregate the data across the different repositories because ‘you can delegate your reporting but not your obligation’
- There is no one identifier that fits all use cases – use the relevant identifiers that are fit for the use case
Core message: Focus on data quality above all else
Latest on Cybersecurity
- The risk of external attacks (phishing, hacking etc.) rated highly on an audience poll posing the question around the greatest challenge that firms face
- The target for attackers – external or internal, are the humans in the loop. They are often the weakest chain
- Concerns around insider threat was specifically the lack of cybersecurity awareness amongst employees. There is a need for continuous and up-to-date cybersecurity awareness programs
- Third party risk (vendor/supply chain attacks) surprisingly rated lowest in concern from the audience poll
- AI is already deeply integrated into what attackers use to target humans
- Working from home and working from office are blurring the lines between what’s corporate versus what’s not and makes it more difficult for cybersecurity teams to know what to stop/block
- Cybersecurity is not just a technology issue, it’s firm wide and poses overall business-risks and you need to understand the gaps and quantify them to get the right funding
- A global approach to following regulations will future proof your cyber strategy
- Ongoing diligence with vendors cybersecurity policy is also needed. Use a holistic approach as vendors priority/importance to the firm can change over time
- In theory zero trust architecture is great but in practice it’s hard to migrate from non-zero to zero, greenfield zero trust is a lot easier to implement
Core message: Ongoing awareness and training is key and AI is increasingly be used for cyber attacks
Dealing with DORA
- Deadline is fast approaching: 17th January 2025
- DORA is everywhere – you need to be having DORA conversations with those in your supply chain
- DORA is more than cyber, it’s a full ICT risk assessment, mitigation and reporting framework
- If you think you are out of scope then think again – you are a DORA entity or you service a DORA entity
- You need to be reviewing your end-to-end business model including third and forth parties
- DORA is not a technology thing. All functions need to be aware
Core message: Whether you’re a financial institution, consulting firm or a vendor – everyone needs to have a DORA story
Using Generative AI for Regulatory and Compliance
- A ‘Reg’ co-pilot is being trialed by some firms – Ingests documentation of new regulations and uses it to see where the gaps are with current compliance particularly across different bodies.
- Using AI for voice to technology translation is useful for building patterns on dialogue
- Don’t stifle innovation – allow digital natives to play but within the realms of what’s allowed when it comes to regulatory and compliance use cases so that what they produce is actually useful
Core message: Let’s not hold machines to higher standards than we do humans. The value of AI is that it can get through all the regulations quickly so humans can get on with interrogating the anomalies
Communication Surveillance
- Data capture is a big challenge for firms – people using alternative channels for communication and want to use their platforms of choice
- The irony is the platforms that people are allowed to use don’t fit their use cases so they turn to alternatives
- Newer communications channels are end to end encrypted but firms tend to go to their traditional suppliers of communications
- Embrace multiple different ways of communicating but done in a compliant way
- Know your communication landscape internally to properly inform regulation, governance and reporting
- Communication channels are hidden in all sorts of applications – comms channel don’t always look like comms channels
- When it comes to buy or build in the communications space there is buyer fright for vendor solutions so firms leaning towards build
- Vendors should amplify their ‘API-ification’, make their products/platforms more open to make them more attractive for financial institutions
- Supervision and detection are good, but the response and mitigation are key to a full vendor solution
- Need data connectors to collect data from any source, store it, archive it, read it
- Communication data is a goldmine for different use cases – Once you have solved the regulatory challenges there are opportunities for monetisation of that data
Core message: A modern and sensible approach to communications surveillance is required starting with understanding your full communications landscape but also the needs of the business and users to enable them in the right way
Tackling T+1 Settlement
- The goal of T+1 is to minimise counterparty risk as well as operational and clearing costs
- India already moved to T+1 using a phased approach between February 2022 and January 2023. The US moved to T+1 in May 2024
- Harmonisation of settlement cycles is key to global markets so other countries and regions will have to follow suit
- For the UK, the T+1 date that has been set is October 2027 but actually firms can move to T+1 whenever they want to
- Some products such as FX and securities lending remain a challenge for T+1
- T+1 is an opportunity to get rigour in various processes and modernise these processes. Automation of manual processes is key
- There are also opportunities for custodians and outsourcers to increase business with the buy side
- Regulation helps to move the needle for modernisation because everybody has to do it at the same time
Can we ever move to T0? A collective ‘NO’ from the panel – Real-time settlement not possible with current technology/infrastructure – clearing houses couldn’t cope with it. Regulators like clearing as a risk management tool and technically with T+1 you do have settlement instructions on T and then 1 day to deal with issues
Core message: Use T+1 as an opportunity to modernise your technology and automate your business processes
Final Thoughts
For me, new and updated regulations provide an opportunity for firms to review and refresh their business processes. It’s a great excuse and opportunity to modernise, innovate and automate because you have to do it. The great thing is that we now have the technology and infrastructure to do that. There were some amazing vendor solutions on show at the event and I am excited about what comes next in this space!
Thank you, Denise Clements, Lorna Van Zyl and the A-Team Group for such a brilliant event.
If you want to learn more be sure to join us at the next RegTech Summit event coming to NYC on November 21st – view the full agenda and sign up here or register below.
Subscribe to our newsletter